I have a small Express-based REST API. I use multer as specified below to upload huge JSON to my server.

```javascript
const express = require( 'express' );
const multer = require( 'multer' );
const bodyParser = require( 'body-parser' );
const webhookController = require( '../controllers/webhook' );
// Placeholder path: the question does not show where these two middlewares are defined.
const { isBasicAuthenticationValid, isJSONValid } = require( '../middlewares/validators' );

const router = express.Router();

// The uploaded file is held in memory; every limit below is in bytes except files/fields.
const upload = multer( {
    storage: multer.memoryStorage(),
    limits: {
        fieldNameSize: 255,          // max length of a field name
        fileSize: 2 * 1024 * 1024,   // max size of the uploaded file (2 MiB)
        fieldSize: 2 * 1024 * 1024,  // max size of a non-file field value (2 MiB)
        files: 1,                    // at most one file per request
        fields: 1                    // at most one non-file field per request
    }
} );
const jsonParser = bodyParser.json(); // JSON parser middleware
const urlencodedParser = bodyParser.urlencoded( { extended: false, limit: "2mb" } );

router.post( '/formatter', upload.single( 'file' ), jsonParser, urlencodedParser, [
    isBasicAuthenticationValid,
    isJSONValid
], webhookController.format );

module.exports = router;
```
I do a Sonar analysis of my code before deployment, and the analysis complains of a security hotspot. Look below.

```javascript
const upload = multer( {
    storage: multer.memoryStorage(),
    // Sonar hotspot reported here: "Make sure the content length limit is safe here."
    limits: {
        fieldNameSize: 255,
        fileSize: 2 * 1024 * 1024,
        fieldSize: 2 * 1024 * 1024,
        files: 1,
        fields: 1
    }
} );
```

However, I have all types of file size limits in place and cannot figure out what I am missing here to get rid of the security issue.
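An added example, not code from the question or from multer itself, that models what `limits.fileSize` enforces on top of `memoryStorage`: bytes are counted as they stream in, the request is cut off the moment the 2 MiB ceiling is crossed, and the resulting error is mapped to a 413 the way an Express error handler would. It uses only Node built-ins; `LimitError`, `readBounded`, `chunked` and `responseFor` are constructed here, with only the error code name borrowed from multer's `LIMIT_FILE_SIZE`.

```javascript
// Added example (not the question's code): models what multer's limits.fileSize
// does for memoryStorage. Bytes are counted as they arrive and the request is
// rejected as soon as the ceiling is crossed, so the memory held per request
// never exceeds the limit plus one chunk. Node built-ins only; no multer/express.
const FILE_SIZE_LIMIT = 2 * 1024 * 1024; // same 2 MiB ceiling as in the question

// Constructed here to mirror the shape of multer's MulterError (code + message).
class LimitError extends Error {
  constructor(code, limit, received) {
    super(`${code}: ceiling of ${limit} bytes exceeded`);
    this.code = code;
    this.limit = limit;
    this.received = received; // bytes seen when the request was cut off
  }
}

// Reads an iterable of Buffer chunks (an http.IncomingMessage is one) into
// memory, aborting as soon as more than `limit` bytes have arrived.
async function readBounded(source, limit) {
  const chunks = [];
  let received = 0;
  for await (const chunk of source) {
    received += chunk.length;
    if (received > limit) {
      throw new LimitError('LIMIT_FILE_SIZE', limit, received);
    }
    chunks.push(chunk);
  }
  return Buffer.concat(chunks);
}

// Splits a Buffer into chunks, the way a request body arrives on the wire.
function* chunked(buf, size) {
  for (let off = 0; off < buf.length; off += size) {
    yield buf.subarray(off, off + size);
  }
}

// Express-style error mapping: a limit violation is a client error (413);
// anything else stays a server error for the default handler.
function responseFor(err) {
  if (err instanceof LimitError) {
    return { status: 413, body: { error: err.code, limit: err.limit } };
  }
  return { status: 500, body: { error: 'internal' } };
}
```

The point for the Sonar hotspot: the ceiling itself is a judgement call a reviewer confirms, but whatever value is chosen only protects memory if enforcement happens while the body streams in, which is what the abort in `readBounded` shows.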